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(54) Use of hashing in a secure boot loader 

(57) Machine instructions comprising a bootstrap 
code are buried within a critical component of an elec- 
tronic game console where they cannot readily be ac- 
cessed or modified. A preloader portion in a read only 
memory (ROM) is hashed by the bootstrap code and the 
result is compared to an expected hash value main- 
tained in the bootstrap code. Further verification of the 
boot-up process is carried out by the preloader, which 
hashes the code in ROM to obtain a hash value for the 
code. The result is verified against a digital signature 
value that defines an expected value for this hash. Fail- 
ure to obtain any expected result terminates the boot- 
up process. Since the bootstrap code confirms the 
preloader, and the preloader confirms the remainder of 
the code in ROM, this technique is useful for ensuring 
that the code used for booting up the device has not 
been modified or replaced. 
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Description 

Field of the Invention 

[0001] The present invention generally relates to se- 
curely booting up an electronic device that includes a 
processor, and more specifically, pertains to ensuring 
that only desired machine instructions are executed by 
the processor when booting up such an electronic de- 
vice, so as to prevent substitute or alternative machine 
instructions from being executed during the boot-up 
process. 

Background of the Invention 

[0002] There are many types of electronic devices 
that must undergo a boot-up process when initially en- 
ergized or reset. During the boot-up process, machine 
instructions controlling the basic operating characteris- 
tics of the electronic device are typically accessed 
where stored in read only memory (ROM) and executed 
to initialize the device and enable loading of further ma- 
chine instructions into random access memory (RAM) 
that will be executed to enable the electronic device to 
implement still further functions. For example, when a 
personal computer is booted-up, instructions compris- 
ing a basic input-output system (BIOS) are executed 
that enable an operating system to be loaded into RAM 
from a hard drive and executed by the computer's cen- 
tral processing unit (CPU). The term "boot-up" is a short 
form of an earlier and perhaps more descriptive term 
"bootstrap." 

[0003] Other types of electronic devices that must be 
booted-up include game consoles, digital recording de- 
vices, personal data systems, and almost any other 
electronic product that includes some form of processor 
that must execute a set of initial machine instructions to 
enable further functionality, as additional machine in- 
structions are loaded into memory and executed. Be- 
cause the boot-up process determines an initial state of 
an electronic device, it affects important operating pa- 
rameters of the device and can have a substantial im- 
pact on how the electronic device is used after the boot- 
up process is completed. Preventing modification of the 
boot-up process can be important to a company that 
sold the electronic device, to avoid the loss of revenue 
arising from the use of the device. 
[0004] For example, in the electronic gaming industry, 
much of the commercial value of game consoles sold to 
play electronic games derives from the licensing reve- 
nue generated by the game software that runs on the 
game consoles. Accordingly, the machine instructions 
that are loaded during the boot-up process implement 
functionality to prevent unlicensed copies of software 
from being run on the game consoles and enforces the 
manufacturer's policies relating to the use of the game 
consoles for playing electronic games. Certain users 
tend to view the restrictions on running unlicensed cop- 
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ies of software and the restrictions that enforce such pol- 
icies on a game console as a challenge and an unwel- 
come limitation on the use of the game consoles. Such 
users work to overcome these restrictions by "hacking" 

5 the game console circuitry and software. For example, 
one way to avoid these restrictions is to cause the boot- 
up process running on a game console to load an altered 
software kernel in which certain changes have been 
made. These changes remove the restrictions imposed 

10 by the manufacturer of the game console, which can re- 
sult in the loss of control by the manufacturer regarding 
how the game consoles are used, and can cause the 
loss of revenue, if unlicensed copies of software games 
are thereby enabled to run on the game console. Ac- 

15 cordingly, it is common for a substantial effort to be un- 
dertaken by game console manufacturers to prevent a 
hacker from enabling an altered software kernel from 
being used during the boot-up process. 
[0005] A similar problem exists in other areas of tech- 

20 nology that employ electronic devices that must boot- 
up. For example, manufacturers of satellite television re- 
ceivers that limit channels received based upon the 
monthly fee paid by users must ensure that their security 
policies and policies regarding use of their products are 

25 followed so that the consumer is only able to use the 
electronic device in accord with the terms of its license. 
A hacker might be able to modify the code that causes 
the processor in a satellite receiver to determine the tel- 
evision channels that the user has paid to view, thereby 

30 enabling all of the channels to be received and viewed 
without proper payment of the license fee to do so. 
[0006] Accordingly, it would be desirable to ensure 
that only authorized software code is executed during a 
boot-up of an electronic device. Any technique that is 

35 used should prevent a modified or alternative set of ma- 
chine instructions from being substituted for the author- 
ized software that is intended to be executed during boot 
up of the device, and thus ensure that the electronic de- 
vice implements the functionality and policies of the par- 

40 ty that manufactured and/or distributed it to the end user. 
The known approaches used to prevent hackers from 
defeating the restrictions and policies regarding use of 
an electronic device, which are included in the code 
loaded at boot up of electronic devices, are apparently 

45 not fully successful. By using add-in circuit cards that 
include alternative software code, the known security 
approaches can at least partially be defeated by hackers 
who couple the circuit cards into the circuitry of the elec- 
tronic device. Clearly, a more secure and rigorous ap- 

50 proach is required to prevent an alternative code from 
being inserted and executed during the boot-up process 
of an electronic device. 

Summary of the Invention 

55 

[0007] The present invention should generally be ap- 
plicable to almost any electronic device that includes a 
processor and must boot-up when initially energized or 
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reset, to enable other functions of the electronic device 
to be carried out. In such a device, it will often be impor- 
tant to protect proprietary information that is employed 
during the operation of the device and to prevent unau- 
thorized code from being executed during the boot-up 
process, to subvert policies related to the operation and 
application of the electronic device. 
[0008] One of the components most likely to be re- 
placed to subvert the desired policies and functionality 
of an electronic device is non-volatile memory in which 
machine instructions are stored that define how the 
electronic device is used. Accordingly, the present in- 
vention attempts to confirm that the code comprising the 
machine instructions in such memory is authorized (i.e., 
hasn't been modified or replaced with machine instruc- 
tions that change the desired functionality and policies 
of the electronic device). In the present invention, the 
authorized code includes a predefined portion (also re- 
ferred to as preloader code). This predefined portion 
must remain the same, even when changes are made 
to the remainder of the authorized code, or the electronic 
device will not boot-up. 

[0009] A procedure is initially carried out to ensure 
that the predefined portion of the code is authorized. In 
this procedure, the predefined portion is hashed, pro- 
ducing a first hash value. The first hash value is then 
compared to a stored hash value that is maintained in 
a circuit component of the electronic device, separate 
from the memory where the code is stored, to verify that 
the predefined portion of the code is authorized. If the 
first hash value equals the stored hash value, execution 
of the predefined portion of the code is enabled, and if 
not, the boot-up of the electronic device is terminated. 
If the predefined portion of the code is enabled, substan- 
tially all of the code is hashed, to determine a second 
hash value. A digital signature is included in a different 
part of the code than the predefined portion of the code. 
The second hash value is then verified against the digital 
signature, to ensure the authenticity of the signature. If 
the digital signature is verified to be authentic, execution 
of the code is enabled, and if not, the boot-up of the elec- 
tronic device is terminated. 

[0010] To compare the first value to the stored hash 
value, an initial code that is maintained in a non-volatile 
storage portion of the circuit component is executed. 
This initial code includes the stored hash value and is 
maintained in a graphic processor, although, it is also 
contemplated that the stored hash value might be main- 
tained in other types of auxiliary processors, such as a 
an audio processor, an input processor, an output proc- 
essor, a communication processor, or a digital signal 
processor. Indeed, it would be even more preferable to 
maintain the initial code and the expected hash value in 
a processor that executes the initial code. The initial 
code is executed to hash the predefined portion, and to 
carry out the comparison of the first hash value with the 
stored hash value. In a preferred form of the invention, 
the initial code is permanently defined in firmware as a 



predetermined number of bytes. In addition, the prede- 
fined portion of the code preferably comprises a prede- 
termined number of bytes that are disposed at a prede- 
termined location within the code. Clearly, unless the 
5 stored hash value is correspondingly changed, the size 
and content of the predefined portion of code cannot be 
modified, since the stored hash value would then not 
equal the first hash value. 

[001 1] The predefined code also includes a public key 
10 that is used for verifying the digital signature and has 
machine instructions that enable an encrypted kernel 
portion of the code to be decrypted. The decrypted ker- 
nel is then executed to complete the boot-up of the elec- 
tronic device. The predefined code employs a streaming 
15 cipher to implement the decryption of the kernel portion 
of the code. 

[0012] Another aspect of the present invention is di- 
rected to a memory medium on which is stored code 
comprising machine instructions that are accessed dur- 

20 ing the boot-up of an electronic device to determine 
whether the code is authorized. The memory medium 
includes the kernel portion, the boot loader portion, the 
preloader portion, and the digital signature, generally as 
discussed above. 

25 [0013] Yet another aspect of the present invention is 
directed to an electronic device that must be booted-up 
to operate. The electronic device includes a non-volatile 
memory in which a plurality of machine instructions are 
stored. The non-volatile memory includes a main portion 

30 and a preloader portion having a predefined content, 
size, and location. A processor is coupled to the non- 
volatile memory to execute the machine instructions 
during the boot-up process. A bootstrap code firmware 
element specifies machine instructions defining a hash- 

35 ing algorithm and an expected hash value. The machine 
instructions of the bootstrap code firmware are executed 
by the processor initially during the boot-up of the elec- 
tronic device, causing the processor to carry out the 
hashing of the preloader portion and comparison of the 

40 result to the expected hash value. Other details of the 
electronic device and its functionality are generally con- 
sistent with the steps of the method discussed above. 
[0014] By employing the present invention in an elec- 
tronic device, such as a game console, it will be appar- 

45 ent that an attempt to change machine instructions ex- 
ecuted during the boot-up process or to substitute an- 
other memory with different machine instructions will 
prevent the device from successfully booting up. Ac- 
cordingly, the present invention should generally pre- 

50 vent someone from modifying the basic functionality or 
avoiding desired policies that are to be implemented by 
the electronic device, by ensuring that only authorized 
code is executed during the boot-up of the electronic 
device. 

55 

Brief Description of the Drawing Figures 

[001 5] The foregoing aspects and many of the attend- 
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ant advantages of this invention will become more read- 
ily appreciated as the same becomes better understood 
by reference to the following detailed description, when 
taken in conjunction with the accompanying drawings, 
wherein: 5 

FIGURE 1 is an isometric schematic view of a game 
console that employs the present invention; 
FIGURE 2A is a block diagram of several functional 
components included in the game console of FIG- w 
URE 1; 

FIGURE 2B is a functional block diagram of a gen- 
eral electronic device that boots-up and includes a 
processor and memory; 

FIGURE 3 is a schematic diagram illustrating por- 15 
tions of a memory as configured in the present in- 
vention; and 

FIGURE 4 is a flow chart illustrating the logic imple- 
mented in the present invention. 

20 

Description of the Preferred Embodiment 

Exemplary System 

[0016] It must be emphasized that the present inven- 25 
tion is not intended to be limited to use only with a game 
console, although an initial preferred embodiment of the 
present invention is indeed used on a game console. 
This invention was developed to ensure that proprietary 
information is not disclosed to users who attempt to re- 30 
verse engineer code, and to prevent users from avoiding 
licensing restrictions and policies relating to use of the 
game console for playing electronic games. 
[0017] As shown in FIGURE 1, an exemplary elec- 
tronic gaming system 1 00 includes a game console 1 02 35 
and support for up to four user input devices, such as 
controllers 104a and 104b. Game console 102 is 
equipped with an internal hard disk drive (not shown in 
this Figure) and a portable media drive 1 06 that supports 
various forms of portable optical storage media, as rep- 4 o 
resented by an optical storage disc 108. Examples of 
suitable portable storage media, include DVD discs and 
CD-ROM discs. In this gaming system, game programs 
are preferably distributed for use with the game console 
on DVD discs, but it is also contemplated that other stor- 45 
age media might instead be used on this or other types 
of systems that use the present invention to enforce data 
security policies and to ensure the authenticity of the 
digital data that are input to the system. 
[0018] On a front face of game console 102 are four so 
slots 11 0 for connection to and support of the controllers, 
although the number and arrangement of slots may be 
modified. A power button 112 and an eject button 114 
are also positioned on the front face of game console 
102. Power button 112 controls application of electrical 55 
power to the game console, and eject button 114 alter- 
nately opens and closes a tray (not shown) of portable 
media drive 106 to enable insertion and extraction of 
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storage disc 1 08 so that the digital data on it can be read 
for use by the game console. 

[0019] Game console 102 connects to a television or 
other display monitor or screen (not shown) via audio/ 
visual (A/V) interface cables 120. A power cable plug 
1 22 conveys electrical power to the game console when 
connected to a conventional alternating current line 
source (not shown). Game console 102 may be further 
provided with a data connector 124 to transfer data over 
a network such as the Internet, for example, via a con- 
ventional telephone modem, or more preferably, by a 
broadband connection. 

[0020] Each controller 104a and 104b is coupled to 
game console 102 via a lead (or alternatively through a 
wireless interface). In the illustrated implementation, the 
controllers are Universal Serial Bus (USB) compatible 
and are connected to game console 1 02 via USB cables 
130. Game console 102 may be equipped with any of a 
wide variety of user devices for interacting with and con- 
trolling the game software. Although all details of con- 
troller 104a are not shown in FIGURE 1 , each controller 
104a and 104b is equipped with two thumbsticks 132a 
and 132b, a D-pad 134, buttons 136, and two triggers 
138. These controllers are merely representative, and 
other known gaming input and control mechanisms may 
be substituted for or added to those shown in FIGURE 
1 for use with game console 1 02. 
[0021] A removable or portable memory unit (MU) 1 40 
can optionally be inserted into controller 104 to provide 
additional removable storage. Portable MUs enable us- 
ers to store game parameters and port them for play on 
other consoles, by inserting the portable MUs into the 
other controllers. In the described implementation, each 
controller is configured to accommodate two MUs, al- 
though more or fewer than two MUs may instead be em- 
ployed. 

[0022] Gaming system 100 is capable of playing 
games, music, and videos. It is contemplated that other 
functions can be implemented using digital data stored 
on the hard disk drive or read from optical storage disc 
1 08 in drive 1 06, from an online source, or from MU 1 40. 
The game console is designed to prevent unauthorized 
copies of electronic game discs from being played on 
the game console. Also, certain polices are enforced by 
the game console. For example, software sold in one 
geographic region may be precluded from executing on 
a game console that is sold in a different geographic re- 
gion. Also, an industry standard scheme (MACROVI- 
SION™) for preventing copying of video DVDs is imple- 
mented by the game console software. 
[0023] Certain users would prefer to defeat these 
functional limitation and policies that are implemented 
by the game console. One way to attempt to avoid these 
limitations and policies is by installing an integrated cir- 
cuit (IC) or module in the game console that replaces 
the original ROM and code stored therein for use in boot- 
ing-up the game console, with a modified version. The 
modifications to the machine instructions in such re- 
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placement modules are intended to operate during the 
boot-up process and eliminate or change the restrictions 
imposed by the manufacturer or designer of the game 
console that prevent use of unauthorized copies, the 
copying of video DVDs, and other functional aspects 5 
and/or policies of the game consoles. However, the 
present invention makes it extremely difficult to insert 
an unauthorized replacement ROM module to alter the 
boot-up process and terminates the boot-up process if 
it detects that an attempt has been made to employ al- * o 
ternative and unauthorized code during the boot-up of 
the game console. 

[0024] In order to prevent proprietary information re- 
garding the boot-up process from being discovered and 
to prevent modified or alternative code from being em- 15 
ployed during the boot-up process, at least some portion 
of the machine instructions that are executed during 
boot-up must be kept separate from the majority of the 
machine instructions that are included within the ROM 
of the game console or other electronic device. Gener- 20 
ally, ICs, traces, connection points, and vias on a printed 
circuit board of an electronic device are readily acces- 
sible if the housing of the electronic device is opened, 
enabling new connections and modifications to be phys- 
ically made to hack the device. Although it is difficult to 25 
prevent someone from accessing the printed circuit 
board, the present invention makes it very difficult to ac- 
cess machine instructions that are embedded as 
firmware within one of the ICs mounted on the printed 
circuit board. Preferably, an IC should be used for this 30 
purpose that is not readily available to the public from 
its supplier, since it is custom made for the manufacturer 
of the electronic device. Also, the IC used for this pur- 
pose should be essential to the operation of the elec- 
tronic device, so that if an attempt is made to access the 35 
firmware embedded in the IC, it is very likely that the 
operation of the IC, and thus, the operation of the elec- 
tronic device will be adversely affected. 
[0025] FIGURE 2A illustrates several of the IC com- 
ponents that are included within game console 100. A *o 
CPU 202 is the main processor and is used for carrying 
out a majority of the processing functions of the game 
console. CPU 202 must initially be booted-up, as is com- 
mon for most processors, to enable it to carry out various 
functions which the game console is designed to imple- 45 
ment. CPU 202 is bi-directionally connected to a cus- 
tomized graphic processor that is also a bus and mem- 
ory controller chip 204 produced by NVIDIA Corporation 
and designated as the NV2A chip. The NV2A chip is 
connected to RAM 206 and to another NVIDIA custom- 50 
made chip that is a media communications processor 
(MCP) 208, which provides audio signal processor ca- 
pability, couples to system memory, and also couples to 
the USB port and Ethernet port for data communication. 
Included within MCP 208 are 51 2 bytes of firmware com- 55 
prising a bootstrap code 21 2. Bootstrap code 21 2 is sub- 
stantially buried under other layers within MCP 208 and 
is not accessible simply by decapping this module. In 
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order to physically access bootstrap code 212, it would 
be necessary to remove other overlying layers, which 
would effectively destroy the MCP module, making it 
and the game console unusable. Furthermore, since 
MCP 208 is custom-made for the manufacturer of the 
game console, it is not available to others on the open 
market. Even if the bootstrap code is accessed in some 
manner to make the machine instructions comprising 
this firmware "visible," the present invention makes the 
boot sequence unalterable. MCP 208 couples to a ROM 
210, which includes most of the machine instructions 
that are used during the boot-up of game console 100. 
[0026] A more general application of the present in- 
vention is shown in regard to the components in FIG- 
URE 2B. It is contemplated that a custom CPU 220 
could include firmware bootstrap code 222 "buried" 
within it, below other layers of the CPU. As shown in 
FIGURE 2B, CPU 220 is coupled to RAM 206 and ROM 
21 0. Since bootstrap code 222 comprises firmware with- 
in CPU 220, signals between the processing portion of 
the CPU and bootstrap code 222 would be generally in- 
accessible. Accordingly, for the embodiment shown in 
FIGURE 2B, it would be even more difficult to access 
bootstrap code 222 and determine its content, and thus, 
the embodiment of FIGURE 2B provides a further in- 
crease in security, relative to the embodiment of FIG- 
URE 2A. 

[0027] FIGURE 3 illustrates different portions of ROM 
210 that are used in the present invention. In the pre- 
ferred embodiment used in game console 100, ROM 
210 comprises a 256 kilobyte memory module. Included 
within ROM 21 0 is a preloader 230, which is not encrypt- 
ed. Preloader 230 has fixed size of approximately 11 kil- 
obytes in the preferred embodiment, and its content, 
size, and location within ROM 210 are all predefined. It 
is important to note that preloader 230 includes an en- 
crypted public key 231. Also important is the need to 
maintain the content of preloader 230 unchanged, un- 
less a corresponding change is made to firmware boot- 
strap code 21 2, as will be evident from the following ex- 
planation. ROM 210 also includes a boot loader 232, 
which is encrypted. In addition, ROM 210 includes a dig- 
ital signature 234 and a symmetric key 236. By far the 
greater portion of ROM 210 is devoted to storing ma- 
chine instructions comprising a kernel 238. Kernel 238 
is both compressed and encrypted. The machine in- 
structions included within kernel 238 define much of the 
functionality and establish the policies relating to the op- 
eration of game console 100. Finally, a chipset initialize 
code 240 is included and is executed when initially pow- 
ering up the game console. 

[0028] FIGURE 4 illustrates the logical steps that are 
implemented when game console 102 is initially ener- 
gized or is reset. A step 250 provides for running the 
chipset initialize code in ROM 210. The machine instruc- 
tions included within chipset initialize code 240 are not 
encrypted; they define the specific configuration infor- 
mation and the specific configuration sequence that is 
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appropriate for the architecture of the complete game 
console. The machine code necessary to perform the 
chipset configuration is included in bootstrap code; the 
specific values and sequence are part of the chipset in- 
itialize code. Also, the initialization sequence for the 5 
CPU is contained in the bootstrap code and is executed 
prior to the remainder of chipset initialize code. Next, in 
a block 252, the machine instructions included within 
firmware bootstrap code 212, which is buried within 
MCP 208, runs a one-way hashing algorithm to deter- 10 
mine a hash value for preloader 230 in ROM 210. As 
noted above, in the original ROM 210 that was installed 
within game console 100 when it was manufactured, 
preloader 230 will have a specific content, size, and lo- 
cation within ROM 21 0. Accordingly, the hash value ob- 15 
tained by hashing the machine instructions included 
within preloader 230 should always remain the same, 
so long as preloader 230 has not been altered or re- 
placed with unauthorized code. In the preferred embod- 
iment, an SHA-1 one-way hash algorithm is applied to 20 
hash the preloader. Alternatively, an MD5 hashing algo- 
rithm could instead be employed, and those of ordinary 
skill in the art will appreciate that still other hashing al- 
gorithms can be used. The hashing algorithm employed 
is included within the machine instructions of bootstrap 25 
code 212. 

[0029] Also included within bootstrap code 212 is a 
stored hash value that is the expected hash value for 
preloader 230, and a symmetric key. A step 254 loads 
the stored hash value from the bootstrap code. The ma- 30 
chine instructions in bootstrap code 212 compare the 
stored hash value from the bootstrap code to the hash 
value that was just determined for preloader 230 in step 
252. The comparison is made in a decision step 256 to 
determine if the stored hash value is equal to the actual 35 
hash value that was determined. If not, the machine in- 
structions in bootstrap code 212 implement a step 258, 
which stops the boot-up process of game console 102. 
Accordingly, it will be apparent that if a different ROM is 
substituted for the original ROM, and the new substitut- *o 
ed or unauthorized ROM does not include an identical 
preloader portion that will produce the expected hash 
value when processed with the one-way hash algorithm, 
decision step 256 will detect the modification to preload- 
er 230 and terminate the boot-up process. *5 
[0030] Assuming that the stored expected hash value 
is equal to the actual hash value that was determined, 
a step 260 executes the machine instructions compris- 
ing the preloader code portion of ROM 210. This step 
can be implemented, since it will be apparent that the 50 
preloader machine instructions are identical to the 
preloader code originally included in the ROM installed 
within the game console by its manufacturer. 
[0031] Next, a step 262 provides for determining a 
hash value for the entire ROM 210, except digital signa- 55 
ture 234. The preloader also includes machine instruc- 
tions for determining a one-way hash value and again 
preferably uses either the SHA-1 or the MD5 hashing 



algorithms (or one of the other well known one-way 
hashing algorithms) to determine the hash value for 
most of the contents of ROM 210 (the digital signature 
is not included among the contents of ROM 210 that are 
hashed). So long as the same hash algorithm is applied, 
the result should always be the same unless the ma- 
chine instructions have been changed, or replaced with 
unauthorized machine instructions. Changing even a 
single bit of the machine instructions that are hashed in 
ROM 210 will substantially change the resulting hash 
value. 

[0032] Public key 231 in ROM 210 is applied to digital 
signature 234, in a step 264 to produce a corresponding 
value for the digital signature. (Before the public key can 
be applied, it is decrypted with the symmetric key stored 
in the bootstrap code of the MCP, but this step is not 
required if the public key is not encrypted with this sym- 
metric key.) Next, the machine instructions in preloader 
230 determine if the public key is able to verify the sig- 
nature in a decision step 266 in FIGURE 4; this step de- 
termines if the value from step 264 equals the has value 
for the ROM determined in step 262. If not, a step 268 
stops the boot-up operation since it will be apparent that 
the signature in ROM n has been changed since the orig- 
inal content of the ROM was created. As is well known, 
if the signature value was originally signed using a pri- 
vate key known only to the manufacturer of the game 
console, the validity of the signature can be confirmed 
using a public key. If someone hacks game console 1 00 
and attempts to modify any portion of ROM 210, the 
change in the hash value will be detected at decision 
step 266, causing the boot-up process to be terminated 
in step 268. Conversely, if the digital signature matches 
the hash of the ROM, it will be apparent that the ROM 
content is identical to the original content that is author- 
ized 

[0033] Assuming that the value determined from the 
digital signature in step 264 verifies the hash of the ROM 
in decision step 266, a step 270 enables the boot-up to 
go to completion, enabling kernel 238 to be copied into 
RAM 206 and then decompressed and unencrypted into 
the RAM. Preloader 230 includes machine instructions 
for decrypting the boot loader. The symmetric key in the 
firmware bootstrap code maintained in the MCP is com- 
bined with symmetric key 236 in ROM 210 to produce a 
new symmetric code that is used for decrypting the boot 
loader in accord with the machine instructions in the 
preloader. 

[0034] The boot loader includes machine instructions 
for implementing a stream cipher decryption of the com- 
pressed and encrypted kernel, in accordance with the 
RC4 stream cipher algorithm, as is well known to those 
of ordinary skill in the art. The machine instructions com- 
prising the kernel that have been decompressed and de- 
crypted into RAM 206 can then be executed by CPU 202 
to carry out the full functionality of the game console, 
ensuring, e.g.. that it loads only authorized game soft- 
ware, executes an algorithm that discourages copying 
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of video DVDs, and ensures that it carries out all other 
policies and functions desired by the manufacturer of 
the game console, as defined by the authorized boot-up 
code. 

[0035] Although the present invention has been de- 
scribed in connection with the preferred form of practic- 
ing it, those of ordinary skill in the art will understand 
that many modifications can be made thereto within the 
scope of the claims that follow. Accordingly, it is not in- 
tended that the scope of the invention in any way be 
limited by the above description, but instead be deter- 
mined entirely by reference to the claims that follow. 

Claims 

1. A method for determining whether code provided 
for execution during a boot-up of an electronic de- 
vice is authorized, said method comprising the 
steps of 

(a) hashing a predefined portion of the code to 
produce a first hash value; 

(b) comparing the first hash value to a stored 
hash value that is maintained in a circuit com- 
ponent of the electronic device, separate from 
a memory where the code is stored, to verify 
that the predefined portion of the code is au- 
thorized; 

(c) if the first hash value equals the stored hash 
value, enabling execution of the predefined 
portion of the code, and if not, terminating the 
boot-up of the electronic device; 

(d) wherein executing said predefined portion 
of the code that is authorized carries out the 
steps of: 

(i) hashing substantially all of the code to 
determine a second hash value; and 

(ii) verifying whether a digital signature that 
is included in the code matches the second 
hash value, and if so, enabling execution 
of the code, and if not, terminating the boot- 
up of the electronic device. 

2. The method of Claim 1 , wherein the step of com- 
paring the first value to the stored hash value com- 
prises the step of executing an initial code that is 
maintained in a non-volatile storage portion of the 
circuit component, said initial code including the 
stored hash value. 

3. The method of Claim 2, wherein the initial code is 
maintained in an auxiliary processor. 

4. The method of Claim 2, wherein the initial code is 
maintained in one of: 



(a) a graphic processor; 

(b) an audio processor; 

(c) an input processor; 

(d) an output processor; 

5 (e) a communication processor, and 

(f) a digital signal processor. 

5. The method of Claim 2, wherein the initial code is 
maintained in a processor that executes the initial 

10 code. 

6. The method of Claim 2, wherein the initial code is 
executed to carry out steps (a) through (c) of Claim 
1. 

15 

7. The method of Claim 2, wherein the initial code is 
permanently defined in firmware as a predeter- 
mined number of bytes. 

20 8. The method of Claim 1 , wherein the predefined por- 
tion of the code comprises preloader code having a 
predetermined number of bytes disposed at a pre- 
determined location within the code. 

25 9. The method of Claim 8, wherein the step of verifying 
the digital signature is carried out with a public key 
that is included In the preloader code. 

10. A memory medium on which is stored code com- 
30 prising machine instructions that are accessed dur- 
ing a boot-up of an electronic device, said machine 
instructions being in part useful to determine wheth- 
er the code Is authorized, said memory medium in- 
cluding: 

35 

(a) a kernel portion in which a substantial ma- 
jority of the machine instructions comprising the 
code is stored; 

(b) a boot loader portion adapted to load ma- 
40 chine instructions included in the kernel por- 
tion, for execution by the electronic device; 

(c) a preloader portion having a predefined 
number of bytes and a predefined content, said 
preloader portion being disposed at a predeter- 

45 mined location on the memory medium; and 

(d) a digital signature portion, said digital sig- 
nature portion providing a confirming hash val- 
ue for comparison to a hash value obtained by 
hashing the code, for use in determining wheth- 

50 er the code is authorized. 

1 1 . The memory medium of Claim 1 0, wherein a public 
key included in the preloader portion is usable for 
decrypting the signature portion 

55 

12. The memory medium of Claim 10, wherein the 
memory medium comprises a read only memory. 
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13. The memory medium of Claim 10, wherein the 
preloader portion includes machine instructions 
that define a one-way hashing algorithm. 

14. The memory medium of Claim 10, wherein the 
preloader portion includes machine instructions 
that enable verification of the digital signature, using 
a public key stored within the preloader portion 

15. The memory medium of Claim 10, wherein the ker- 
nel portion is encoded. 

16. The memory medium of Claim 10, wherein the 
preloader portion includes machine instructions for 
carrying out a stream cipher decoding of the kernel 
portion. 

17. The memory medium of Claim 10, wherein the 
preloader portion includes at least one public key 
for use in verifying a signature signed with a corre- 
sponding private key. 

18. An electronic device that must be booted-up to op- 
erate, comprising: 

(a) a non-volatile memory in which a plurality of 
machine instructions are stored, said non-vol- 
atile memory including a main portion, and a 
preloader portion that is predefined in regard to 
a content, a size, and a location; 

(b) a processor that is coupled to the non-vol- 
atile memory to execute the machine instruc- 
tions; and 

(c) a bootstrap code firmware element that 
specifies machine instructions defining a hash- 
ing algorithm and an expected hash value, the 
machine instructions of said bootstrap code 
firmware being executed by the processor ini- 
tially during a boot-up of the electronic device, 
causing the processor to: 

(i) hash the preloader portion of the non- 
volatile memory to determine a preloader 
hash value; 

(ii) compare the expected hash value to the 
preloader hash value; and 

(iii) terminate the boot-up of the electronic 
device if the preloader hash value does not 
equal the expected hash value. 

19. The electronic device of Claim 18, wherein the 
preloader portion of the non-volatile memory in- 
cludes machine instructions that cause the proces- 
sor to: 

(a) hash the non-volatile memory, producing a 
memory hash value; 

(b) compare the memory hash value to an ex- 



10 



pected memory hash value that is included in 
the preloader portion; and 
(c) terminate the boot-up of the electronic de- 
vice if the memory hash value does not equal 
the expected memory hash value. 

20. The electronic device of Claim 19, wherein the ex- 
pected memory hash value is included as a digital 
signature within the non-volatile memory, but is ex- 
cluded when the non-volatile memory is hashed. 



21. The electronic device of Claim 20, wherein the ma- 
chine instructions in the preloader portion of the 
non-volatile memory further cause the processor to 

15 verify the digital signature, to determine the expect- 
ed memory hash value. 

22. The electronic device of Claim 20, wherein the ma- 
chine instructions in the preloader portion of the 

20 non-volatile memory further cause the processor to 
apply a public key that is included in the preloader 
portion, to verify the digital signature. 

23. The electronic device of Claim 18, wherein at least 
25 a part of the main portion of the non-volatile memory 

is encrypted, and wherein the preloader portion of 
the non-volatile memory includes machine instruc- 
tions that cause the processor to decrypt said at 
least the part of the main portion of the non-volatile 
30 memory that is encrypted, enabling the boot-up of 
the electronic device to continue with machine in- 
structions that are included in the main portion of 
the non-volatile memory. 

35 24. The electronic device of Claim 1 8, wherein the boot- 
strap code firmware element is disposed within an- 
other component of the electronic device and is 
substantially physically inaccessible without dam- 
aging the other component sufficiently to cause the 

40 electronic device to become inoperable. 

25. The electronic device of Claim 1 8, wherein the other 
component comprises an auxiliary processor. 

45 26. The electronic device of Claim 1 8, wherein the other 
component comprises one of: 



(a) a graphic processor; 

(b) an audio processor; 

(c) an input processor; 

(d) an output processor; 

(e) a communication processor; and 

(f) a digital signal processor. 



50 



55 27. The electronic device of Claim 1 8, wherein the boot- 
strap code firmware element in disposed within the 
processor. 
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28. The electronic device of Claim 18, wherein at least 
a part of the main portion of the non-volatile memory 
is encrypted, and wherein the preloader portion of 
the non-volatile memory includes: 

5 

(a) machine instructions that define a one-way 
hashing algorithm; 

(b) machine instructions for decoding said at 
least the part of the main portion of the non- 
volatile memory; 10 

(c) machine instructions comprising a boot 
loader; and 

(d) at least one public key. 

29. The electronic device of Claim 18, wherein the elec- 1 5 
tronic device comprises a game console. 
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